Added security patch
diff --git
a/src/options_order.php
b/src/options_order.php
index ffa70ac17f5672f95dcdf7cbe5be7586cb47c09a..670a54897cd27a8c7e2bfceb7b8871462585fb13 100644
--- a/
src/options_order.php
+++ b/
src/options_order.php
@@
-81,6
+81,10
@@
include ('../src/load_prefs.php');
}
} else if ($method == 'add' && $add) {
include ('../src/load_prefs.php');
}
} else if ($method == 'add' && $add) {
+ // User should not be able to insert PHP-code here
+ $add = str_replace ('<?', '..', $add);
+ $add = ereg_replace ('<.*script.*language.*php.*>', '..', $add);
+ $add = str_replace ('<%', '..', $add);
$index_order[count($index_order)+1] = $add;
}
$index_order[count($index_order)+1] = $add;
}
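Review bot: The three replacements added before `$index_order[count($index_order)+1] = $add;` form a denylist of PHP open tags, which is the weaker control here: the `ereg_replace` pattern is case-sensitive, and any tag form not listed passes through unchanged. Judging by its use as an entry in `$index_order`, `$add` looks like a column identifier, so validating it as one would be stricter, for example `$add = (int) $add;` followed by a check that the value is one of the known column ids (that list is not visible in this hunk). If the value is later written into a file that PHP interprets, which the comment suggests but the hunk does not show, the storage side should be reviewed as well rather than relying on input filtering alone. The enclosing `if`/`else if` chain starts outside the hunk.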